I can quite remember if the patches got pushed downstream to the stable (1.4.x) version, but krb5 support for klog should be in the 1.5.x dev branch. It is called something like klog.krb5.
I have sucessfully used that version of klog with the stable branch on Solaris. On Fri, 29 May 2009, Steven Jenkins wrote: > On Fri, May 29, 2009 at 7:06 AM, David Robson <[email protected]> wrote: > ... > > I have set up an AFS cell, a partition a volume and a user and an acl. > > > > On the server machine, I can authenticate as the user with kadmin and aklog, > > and then I have read/write access to the user's /afs home directory. ?All > > good so far. > > > > However, I can't authenticate with klog, on the AFS server, or on client > > machines. > > > > If I run "klog <username>", I get the error message > > > > "Unable to authenticate to AFS because Authentication Server was > > unavailable." > > > > Note that using klog + kaserver is one option, and that using kadmin > and aklog is a different option -- you can't mix the two. > > As you discovered via googling, it's recommended that you use an > external Kerberos infrastructure rather than klog + kaserver. > > > After a bit of googling, I find that I should be running the kaserver, I > > do so by running /usr/afs/bin/kaserver as root in the xterm. ?How should > > it be run, and with which arguments?? > > > > With kaserver running, I now get the error ... > > > > "Unable to authenticate to AFS because user doesn't exist." > > > > But the user exists! ?I created it with kadmin -q "addprinc <username>" > > > > This is because your principal is in your third party KDC, not in the > kaserver. To create principals in the kaserver, you use the 'kas' > command. But again, since you already have a working 3rd party KDC, > just don't use the kaserver and klog at all. > > > Further googling suggests I shouldn't be running kaserver, but kdc. > > However I AM running krb5kdc, but it doesn't seem to be listening on > > the same port as kaserver (7004) > > > > I am confused and stuck. ?Can anyone put me in the right direction? > > > > My suggestion is to not worry about klog at all and instead use kadmin > to create principals, kinit to get Kerberos tickets, and aklog to > convert those tickets to AFS tokens. > > -------------------------------------- Sean O'Malley, Information Technologist Michigan State University ------------------------------------- _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
